RVS4000 IP Access Lists

Answered Question
Jan 11th, 2010

Hello all,


I am trying to block access from 1 VLAN to another without disabling InterVLAN routing.


In my access list entry I have the following:


Deny ALL protocols, Source interface LAN; Source Address Network 192.168.8.0/24 (VLAN I wish to block); Destination Address Network 192.168.1.0.


It looks like this should work; however, hosts from the 192.168.8.0 network can access the 192.168.1.0 network. If I disable InterVLAN routing it blocks traffic between the VLANs as you would expect. In the future I plan to have another VLAN that I do wish to route between VLANs.


Any help would be appreciated,


Thanks!


Brian

Correct Answer
Te-Kai Liu Wed, 01/13/2010 - 08:14

The IP-based ACL of RVS4000 is designed to restrict the traffic between LAN and WAN (bi-direction), but not the inter-VLAN traffic. So the scenario is not supported, unfortunately.

bmangan83 Wed, 01/13/2010 - 08:26

Thanks for your help. It is too bad that feature is not supported in this router. Is this something that is being considered for the future?


Have a great day!


Brian

Te-Kai Liu Wed, 01/13/2010 - 08:40

To support the scenario you described, you might want to take a look at the SA500 series such as SA520.

For RVS4000, I will pass your request on to the product team for consideration.


I was told that RVL200, which also supports inter-VLAN routing and IP-address based Access Rules, can support the scenario you described.
